Powered by Tech-Attacks

Exploits - The Core Part of Hacking (Intro)

Exploits :
An exploit is a piece of software of chunk of data that takes advantage of vulnerability or bug in order to cause unintended or unanticipated behavior to occur on computer

Types of Exploits :
Exploits are of many types, but the most popular ones that are commonly used this days are as follows :
1) Xss(Cross site scripting)
2) Sql injection
3) Clickjacking
4) DDos attack
5) POC attack (Proof of
concept)
6) Spoofing
Small Introduction for few of them is written below. But before that,
Please take a second to Bookmark TechAttacks for your later use or For more Updates Follow us on our BLOG or get tuned by simply Liking Tech-Attacks on Facebook.

XSS / CSS (Cross Site Scripting) :
Cross-site scripting or XSS is a threat to a website's security. It is the most common and popular hacking a website to gain access information from a user on a website. There are hackers with malicious objectives that utilize this to attack certain websites on the Internet. But mostly good hackers do this to find security holes for websites and help them find solutions. Cross-site scripting is a security loophole on a website that is hard to detect and stop, making the site vulnerable to attacks from malicious hackers. This security threat leaves the site and its users open to identity theft, financial theft and data theft. It would be advantageous for website owners to understand how cross-site scripting works and how it can affect them and their users so they could place the necessary security systems to block cross-site scripting on their website.

SQL Injection :
SQL Injection involves entering SQL code into web forms, eg. login fields, or into the browser address field, to access and manipulate the database behind the site, system or application.
When you enter text in the Username and Password fields of a login screen, the data you input is typically inserted into an SQL command. This command checks the data you've entered against the relevant table in the database. If your input matches table/row data, you're granted access (in the case of a login screen). If not, you're knocked back out.

DDos attack :
A denial of service attack (DOS) is an attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the resources, so that no one can access it.this is not actually hacking a website but it is used to take down a website.
If an attacker is unable to gain access to a machine, the attacker most probably will just crash the machine to accomplish a denial of service attack, this one of the most used method for website hacking.

POC(Proof of concept) :
In computer security the term proof of concept (proof of concept code or POC) is often used as a synonym for a zero-day exploit which, mainly for its early creation, does not take full advantage over some vulnerability. This was the same attack.


Clickjacking :
This attack was made on twitter,After the micro-blogging site immunized its users against a fast-moving worm that caused them to unintentionally broadcast messages when they clicked on an innocuous-looking button, hackers have found a new way to exploit the clickjacking vulnerability.
The latest attack comes from UK-based web developer Tom Graham, who discovered that the fix Twitter rolled out wasn't applied to the mobile phone section of the site. By the time we stumbled on his findings, the exploit no longer worked. But security consultant Rafal Los sent us a minor modification that sufficiently pawned a dummy account we set up for testing purposes.
The exploit is the latest reason to believe that clickjacking, on Twitter and elsewhere, is here to stay, at least until HTML specifications are rewritten. No doubt web developers will continue to come up with work-around, but hackers can just as quickly find new ways to exploit the vulnerability, it seems.
That's because clickjacking attacks a fundamental design of HTML itself. It's pulled off by hiding the target URL within a specially designed iframe that's concealed by a decoy page that contains submission buttons. Virtually every website and browser is susceptible to the technique.

Spoofing :
According to Wikipedia spoofing In the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.

No comments:

Post a Comment